Porting ldap module configuration from 2.2.9 to 3.0.15
Fajar A. Nugraha
list at fajar.net
Tue Sep 19 09:25:33 CEST 2017
On Tue, Sep 19, 2017 at 2:15 PM, Olivier <Olivier.Nicole at cs.ait.ac.th>
> "Fajar A. Nugraha" <list at fajar.net> writes:
> > On Thu, Aug 31, 2017 at 4:44 PM, Olivier <Olivier.Nicole at cs.ait.ac.th>
> >> The first is in ldap module. In version 2, I did not define an identity
> >> nor a password and the binding to ldap server is made with the user name
> >> and password, effectively using ldap to authenticate the user.
> >> With version 3, I see:
> >> Aug 31 16:30:32 ldap slapd: conn=60904 fd=107 ACCEPT from IP=220.127.116.11:37996 (IP=18.104.22.168:636)
> >> Aug 31 16:30:32 ldap slapd: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256
> >> Aug 31 16:30:32 ldap slapd: conn=60904 op=0 BIND dn="" method=128
> >> where an anonymous bind is attempted (dn=""). I am not sure what has
> >> changed in this regard between version 2 and 3, but I really need to
> >> replicate the same mechanism as in version 2, that is bind with the user
> >> name instead of going with some administrator account that would search
> >> in the ldap directory.
> > So you only want ldap for authentication, not authorization? Try
> > https://wiki.freeradius.org/modules/Rlm_ldap#userdn-attribute
> I need only authentication, but the authentication should be done inside
> LDAP, with a binding using the User-Name that is provided to FreeRadius
... which, to the best of my knowledge, the link pretty much tells you how you
can achieve that.
> but what LDAP tells me is that I am binding with no username.
Because it needs to fill Ldap-UserDN attribute.
Did you read the link? Did you follow what it says to 'avoid the ldap
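
Added example, not part of the original thread: a small Python check for the slapd log format quoted above, useful for confirming after a configuration change whether the RADIUS server still binds anonymously (dn="") or binds with the user's DN. The sample log lines, addresses and DNs are constructed, and the function name `classify_binds` is hypothetical.

```python
import re

# Constructed sample in the slapd log format quoted above (addresses and DNs are made up).
SAMPLE_LOG = """\
Aug 31 16:30:32 ldap slapd: conn=60904 fd=107 ACCEPT from IP=192.0.2.10:37996 (IP=192.0.2.1:636)
Aug 31 16:30:32 ldap slapd: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256
Aug 31 16:30:32 ldap slapd: conn=60904 op=0 BIND dn="" method=128
Aug 31 16:31:05 ldap slapd: conn=60905 fd=108 ACCEPT from IP=192.0.2.10:38002 (IP=192.0.2.1:636)
Aug 31 16:31:05 ldap slapd: conn=60905 fd=108 TLS established tls_ssf=256 ssf=256
Aug 31 16:31:05 ldap slapd: conn=60905 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
TLS_RE = re.compile(r"conn=(\d+) fd=\d+ TLS established")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')


def classify_binds(log_text):
    """Return one dict per BIND request: conn, client, tls, dn, anonymous."""
    clients, tls_conns, binds = {}, set(), []
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            clients[m.group(1)] = m.group(2)      # remember the peer address per connection
        elif m := TLS_RE.search(line):
            tls_conns.add(m.group(1))             # connection negotiated TLS
        elif m := BIND_RE.search(line):
            conn, _op, dn, method = m.groups()
            binds.append({
                "conn": int(conn),
                "client": clients.get(conn, "unknown"),
                "tls": conn in tls_conns,
                "dn": dn,
                # method=128 is a simple bind; an empty DN makes it anonymous
                "anonymous": method == "128" and dn == "",
            })
    return binds


if __name__ == "__main__":
    for b in classify_binds(SAMPLE_LOG):
        kind = "ANONYMOUS" if b["anonymous"] else "as " + b["dn"]
        print(f"conn={b['conn']} client={b['client']} tls={b['tls']} bind {kind}")
```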